EDITOR'S QUESTION
WHAT KEY DISCUSSIONS SHOULD CISOS ENGAGE IN TO MITIGATE AND MANAGE THE CYBER-RISKS THEIR ORGANISATIONS FACE?

We speak to experts from Check Point, WatchGuard Technologies and SailPoint about their views on the conversations CISOs should be having to encourage cybersecurity awareness and maintain secure operations.

Riaz Lakhani, Chief Information Security Officer at Barracuda Networks, says: "Security breaches have business implications that reach far beyond IT disruption. For senior cybersecurity professionals this means that in addition to keeping the organisation secure and cyber-resilient, they need to know how to effectively communicate cyber-risk to very different and often non-technical stakeholders.

"This can be a challenge. An international study found that just over a third (35%) of the small business IT security professionals surveyed think senior managers don't see cyberattacks as a significant risk.

"This isn't a question of management failure. It is hard to be interested in or care about something you don't fully understand.

"The responsibility for addressing this gap rests with security leaders. They need to become storytellers and relationship builders.

"In my experience, there are three key conversations security leaders should be having on a regular basis to effectively communicate cybersecurity risk and build strategies.

"At a foundation level, they need to engage regularly with technical colleagues such as engineers, developers and security researchers. Building strong relationships with these individuals and understanding security from their perspective is crucial, as these are the people security leaders rely on in a crisis.

"Second, CISOs should hold regular meetings with senior managers, including the Chief Executive or their equivalent and critical risk departments like finance and legal. These conversations should focus not just on evolving threats and security tools, but on what an incident might mean for products or business roadmaps, risk, compliance and customers.

"Finally, security leaders need to effectively communicate risk to people who advise the business, such as the board of directors. Board members and non-executive directors bring a wide range of experience and backgrounds to the table. The golden rule here is to address everyone's needs and concerns and keep things high-level and simple.

"An engaged leadership is one of your most powerful assets for ensuring policies, programmes and investments succeed. The discussions you have and the relationships you build will ensure they understand where the risks are, how to address them and how to keep the company resilient."

Riaz Lakhani, Chief Information Security Officer, Barracuda Networks

WWW.INTELLIGENTCISO.COM 27